Using BitTorrent? Hackers Can Control Your PC Remotely

As we know, people download torrent files using a BitTorrent client. It goes without saying that BitTorrent is one of the popular torrent clients used by many users online. Recently, Google’s Project Zero team found a critical vulnerability in the BitTorrent app.

According to a report from Ars Technica, hackers can exploit this vulnerability to execute malicious code on a user’s computer. The previous week, Google’s Project Zero team shared the proof-of-concept attack code.

Google’s Project Zero team usually refrains from making the details of a vulnerability public for 90 days. However, in this case, the vulnerability was made public within 40 days. This is because the report also contained a patch, but Transmission developers haven’t responded on their private security mailing list.

First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmission, resulting in arbitrary remote code execution. https://github.com/transmission/transmission/pull/468 

CVE-2018-5702: Mitigate dns rebinding attacks against daemon by taviso · Pull Request #468 ·…

This issue was originally reported to the private transmission security list on November 30th 2017 Transmission uses a client/server architecture, the user interface is the client and a daemon runs…

So, after the public release, the downstream projects using the Transmission project would be able to apply the patch. The flaw found in the BitTorrent app uses domain name system (DNS) rebinding to control the Transmission interface whenever a victim visits a malicious website.

After gaining control over the Transmission interface, a hacker just needs to change the torrent download directory to the home directory and download a torrent file named .bashrc. With this, the hacker can configure Transmission to run any command after the download has completed.

It’s worth noting that the Transmission developers have also said they will release the fix as soon as possible. However, the developer team hasn’t shared any specific date.

So, to be on the safe side, you must minimize the use of torrent sites until the fix is released. What’s your take on this? Discuss with us in the comments.
